How to configure port security on Cisco switches




In some environments, a network must be secured by controlling which stations can gain access to it. Port security is a feature of Cisco Catalyst switches that limits the MAC addresses allowed to appear on a specific port. In most cases network administrators use it to secure access to the physical network.

With this feature, only predefined static MAC addresses or a limited number of dynamic MAC addresses can access the network. Suppose a user connects to a port that has port security enabled and their MAC address does not appear on the list of allowed MAC addresses. In this case the port will be shut down, or the packets arriving on that port will be dropped, depending on the configured violation action. A port that has been shut down must be re-enabled manually by the network administrator, or it is re-enabled automatically after a period of time if the errdisable cause is configured for automatic recovery (by default after 300 seconds).
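The behaviour described above, as an added Cisco IOS configuration sketch that is not part of the original article. The interface name and the MAC address are constructed placeholders, and the limit of two addresses is an assumption chosen for illustration.

```cisco
! Constructed example: GigabitEthernet0/1 and 0000.5e00.5301 are placeholders.
configure terminal
!
interface GigabitEthernet0/1
 ! Port security cannot be enabled on a dynamic (DTP-negotiated) port.
 switchport mode access
 switchport port-security
 ! Allow at most two source MAC addresses on this port (assumed limit).
 switchport port-security maximum 2
 ! One predefined static address ...
 switchport port-security mac-address 0000.5e00.5301
 ! ... and one learned dynamically and kept in the running config.
 switchport port-security mac-address sticky
 ! Violation action:
 !   shutdown (default)  err-disables the port
 !   restrict            drops offending frames, counts and logs them
 !   protect             drops offending frames silently
 switchport port-security violation shutdown
 exit
!
! Automatic recovery of ports err-disabled by a port-security violation.
! 300 seconds is the default interval; it is written out here for clarity.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
end
!
! Verify the port state, the allowed addresses and the recovery timer.
show port-security interface GigabitEthernet0/1
show port-security address
show errdisable recovery
!
! Manual recovery when automatic recovery is not configured:
configure terminal
interface GigabitEthernet0/1
 shutdown
 no shutdown
end
```

After a violation, `show port-security interface` reports the port status as secure-shutdown and increments the security violation count, which is the first thing to check before re-enabling the port.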

